WordPress.org
Security Scorecard
Score
29C
Total CVEs
540
Patch Rate
20%
106 patched
Avg Response
43d
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical9
High40
Medium489
Low2
Patch Status
Patched106 (20%)
Partial/Workaround0 (0%)
Unpatched434 (80%)
CVEs (632)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-12177 | Download Manager Plugin Vulnerability | MEDIUM | 5.3 | 38d | Unpatched |
| CVE-2025-12064 | WP2Social Auto Publish Plugin Vulnerability | MEDIUM | 6.1 | 38d | Unpatched |
| CVE-2025-11980 | SQL Injection in Quick Featured Images WordPress Plugin | MEDIUM | 4.9 | 38d | Unpatched |
| CVE-2025-11748 | WordPress Groups Plugin Vulnerability | MEDIUM | 4.3 | 38d | Unpatched |
| CVE-2025-12583 | Simple Downloads List Plugin Vulnerability | MEDIUM | 6.4 | 38d | Unpatched |
| CVE-2025-4522 | IDonate Vulnerability | MEDIUM | 6.5 | - | Patched |
| CVE-2025-12527 | Page & Post Notes Plugin Vulnerability | MEDIUM | 4.3 | 39d | Unpatched |
| CVE-2025-62030 | td-composer | MEDIUM | 6.5 | 40d | Patched |
| CVE-2025-62033 | Togo Togo Broken Access Control Vulnerability | MEDIUM | 6.5 | 40d | Patched |
| CVE-2025-12560 | Blog2Social Vulnerability | MEDIUM | 5.3 | 40d | Unpatched |